CVE-2010-2757: The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery.

CVE-2010-2758: Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page.

CVE-2010-2759: Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly handle large integers in (1) bug and (2) attachment phrases, which allows remote authenticated users to cause a denial of service (bug invisibility) via a crafted comment.

Solution: Update your system with the appropriate patches or software upgrades.